On Thu, Feb 28, 2008 at 12:20 PM, Wade Preston Shearer < [EMAIL PROTECTED]> wrote:
> > Because it's less strict. If you're not explicitly referencing the > > method, > > it becomes that much easier to rewrite something, unwittingly or not. > > Isn't that a plus? > No, no, no, I mean, rewriting in the bad way. Let's say you have a GET variable called "loginid". You access it via $_REQUEST. What if you include a script that you or another developer wrote that resets $_COOKIE['loginid'] ? Your $_REQUEST will now access the cookie value, not the GET value. > As long as there are no security problems, isn't this flexibility a > good thing? > Not at all. There are reasons why the RFC defines GET, POST, PUT, DELETE, etc, differently. You should know which method is being used, and you shouldn't access them all the same way. There's absolutely no reason for $_REQUEST to even exist in PHP. Read the RFC [1], please. There's no excuse for a web developer not to have the HTTP RFC down pat. dw 1: http://www.faqs.org/rfcs/rfc2616.html -- - http://stderr.ws/ "Insert pseudo-insightful quote here." - Some Guy _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
